Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Advertisements

ditto

Posted 02 August 2004 - 09:05 AM

ditto

- i pwn n00bs -

Member

1,260 posts

Please save Hijack This in a permanent folder (i.e. C:\HJT). This ensures backups are saved and accessible. Also, so the backups arent all over your desktop.

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.

Please delete your temporary files by deleting all files and folders that are in those folders (do not delete the temp folder itself) like for example C:\WINDOWS\Temp\C:\Temp\C:\Documents and Settings\username\Local Settings\Temp\Also delete your Temporary Internet Files, be sure to also select delete all offline content.

Reboot your PC.

If you would please, rescan with HijackThis and post a fresh log, and let us know how your system's working.

Snickering87

Posted 02 August 2004 - 10:18 PM

Snickering87

New Member

Topic Starter

Member

9 posts

Well the internet doesn't seem to be so slow, haven't seen a popup yet . I was getting a error with the explorer in one profile, but I just went in and was using that user and explorer didn't crash once. I guess I will have to keep an eye on it. Please let me know if you see anything out of the ordinary.

I set in the options to view hidden files, but I could not find the files in C:windows\system32. I did a search for the files and the computer stated they were located in C:windows\prefetch???? Very strange. Here the the latest hijack this log. The only thing I could think of is maybe I didn't activate the options that "show protected system files". Well here it is:

admin

Posted 03 August 2004 - 06:31 PM

admin

Founder Geek

Administrator

24,548 posts

Click Here to download TheKillbox. Extract TheKillBox.exe from the zip file and double click it to open it up. In the 'Enter Full Path and Filename to Delete' box, copy and paste these entries one by one, clicking 'Find and Kill This File' after each one:

C:\WINDOWS\System32\z8hfk.exeC:\WINDOWS\System32\1q1qcl.exe

Click 'Exit' when done.

Note: If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, download and run: http://www.javacools...ngfilesetup.exe. Then try TheKillbox again.

admin

Posted 04 August 2004 - 07:20 AM

admin

Founder Geek

Administrator

24,548 posts

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.O2 - BHO: (no name) - {81D66134-ADC3-4C6D-B0A9-03D4EE35B849} - C:\WINDOWS\SYSTEM32\p8dzqtx.dllO2 - BHO: E.HH - {9E992732-295F-4987-8BE3-16FAC1639198} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\IESERV~1\IEService.dll (file missing)

Reboot your PC.

If you would please, rescan with HijackThis and post a fresh log, and let us know how your system's working.

I wonder if the following line is a problem??[/quote]O2 - BHO: (no name) - {E350FC76-2F89-49E6-86D0-B31DC6583644} - C:\WINDOWS\SYSTEM32\5237j6.dll[quote]I know I removed this program from the computer[/quote]O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarest...es2/Install.cab[QUOTE]

admin

Posted 05 August 2004 - 08:19 AM

admin

Founder Geek

Administrator

24,548 posts

Spyware Stormer may be a ripoff, but as far as I know it doesn't install any spyware on your system. It's a ripoff of As-aware's free program that detect spyware, but charges users to remove it. It also produces numerous "false positives" to entice people to buy it.

It's hard to keep up with all these rouge spyware programs. Feel free to remove it. The only ones we recommend are Ad-aware, Spybot S&D, and Pest Patrol.

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.O2 - BHO: (no name) - {E350FC76-2F89-49E6-86D0-B31DC6583644} - C:\WINDOWS\SYSTEM32\5237j6.dllO16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarest...es2/Install.cab

Reboot in safe mode (by tapping F8 at startup and select safe mode from the menu). Be sure you're able to view hidden files, and remove the following files in bold (if found):C:\WINDOWS\SYSTEM32\5237j6.dll

Posted 08 August 2004 - 06:12 AM

admin

Posted 08 August 2004 - 10:03 AM

admin

Founder Geek

Administrator

24,548 posts

These are on the same system? Generally, removing malware from an account with administrator privelages will clean the entire system. You "Ben" account has malware present. Please start a new topic for that hijack log.